Re: [fw-wiz] Isolating internal servers behind firewalls

I have had to write an SMB filter for an NFR IDS. It was a nightmare to
troubleshoot because of the faulty specification and implementation from
Microsoft :(
At last, I only did SMB packet header checks and no SMB protocol analysis.

[1] before the e-business paradigm and the "everything-over-HTTP" pattern

JDG

"Reality is that which, when you stop believing in it, doesn't go away."
Philipp K. Dick

How many new exploits come in via chargen nowadays, which you could
block vs. how many come in via Microsoft networking (Ports 445, 137,
139, etc.), which you would have open, if you want file shares to
work.